Today a growing number of healthcare institutions use information technology to deliver medical services, and protecting highly private patient information has become an important information security management issue for every healthcare institution. The Health Insurance Portability and Accountability Act (HIPAA), passed in the United States in August 1996 during President Clinton's term, established information security regulations for healthcare in order to raise the overall quality of care. Its privacy provisions require that patients have greater control over their personal medical information, and that the use and disclosure of medical data be regulated.

This study designs a set of security controls that comply with the HIPAA requirements, satisfying the need to exchange electronic medical records while also ensuring that patients need not expose unrelated medical information to healthcare staff. The session keys established between the patient and the hospital to protect medical records are therefore set up between the patient and each medical department. When healthcare staff need to consult a patient's record from another department, they can obtain it through the hospital under an access-control mechanism; if the record is held at another hospital, it can still be obtained through inter-hospital record exchange. In addition, the security-control algorithms exploit the advantages of elliptic curve cryptography, namely faster execution, higher security, and shorter key length at the same security level, to establish the required base keys; experimental figures [13] indicate that it is about 30% faster than the DSA mechanism.

Nowadays, more and more healthcare providers use information systems to deliver healthcare services, and protecting private patient information is an important information security management issue for all of them. The Health Insurance Portability and Accountability Act (HIPAA), enacted by the United States Congress in August 1996, is the federal law that applies to the U.S. healthcare industry. HIPAA specifies guidelines on health information security to enhance healthcare quality. Its privacy regulations specifically state that patients should have more power to control their own health records, and that the use and disclosure of health information should be kept under control.

This research designs a security management scheme that complies with HIPAA, satisfies the need to exchange electronic patient records, and takes into account that patients need not disclose irrelevant health information to healthcare workers. Therefore, session keys are established between the patient and each department of the hospital. If healthcare workers need to refer to the patient's record in another department, they can obtain it through the hospital via the access control mechanism. Even when the record is held in another hospital, they are still able to obtain it through the mechanism for exchanging electronic patient records between hospitals. Besides, the security mechanism takes advantage of elliptic curve cryptography, e.g. better efficiency, stronger security, and shorter key length at the same security level. For the time cost of establishing the key, the experimental result [13] shows that elliptic curve cryptography is about 30% quicker than the DSA mechanism.
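As an added illustration, not code from the thesis, the following Python models the key arrangement the abstract describes: a patient and each department derive a distinct ECDH session key over P-256, bound to the patient/department pair, and a hospital-side access-control check (an assumed model, since the abstract gives no protocol details) decides whether another department may obtain that key. The patient id, department names and the ACL are constructed sample data, and the curve arithmetic is written out only so the example runs without third-party libraries.

```python
import hashlib, hmac, secrets
# NIST P-256 domain parameters (standard public constants): prime, a, group order, base point
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def _add(p1, p2):  # affine point addition / doubling; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 if p2 is None else p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P)
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):  # double-and-add scalar multiplication (illustrative, not side-channel safe)
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt, k = _add(pt, pt), k >> 1
    return acc

def keypair():
    d = secrets.randbelow(N - 1) + 1
    return d, _mul(d, G)

def session_key(own_priv, peer_pub, patient_id, dept):
    # ECDH shared x-coordinate, bound to one patient/department pair via HMAC-SHA256
    shared_x = _mul(own_priv, peer_pub)[0].to_bytes(32, "big")
    return hmac.new(shared_x, f"{patient_id}|{dept}".encode(), hashlib.sha256).digest()

def hospital_release(requester, record_dept, acl, dept_keys):
    # Assumed model of the hospital's access control: release another department's key only if the ACL allows it
    if (requester, record_dept) not in acl:
        return None  # denied; a real system would also log the refused request
    return dept_keys[record_dept]

def demo(patient_id="P-0001"):  # constructed scenario: one patient, two departments
    pat_priv, pat_pub = keypair()
    depts = {d: keypair() for d in ("cardiology", "radiology")}
    patient_side = {d: session_key(pat_priv, pub, patient_id, d) for d, (_, pub) in depts.items()}
    dept_side = {d: session_key(priv, pat_pub, patient_id, d) for d, (priv, _) in depts.items()}
    return patient_side == dept_side, len(set(dept_side.values())) == len(depts)  # keys agree; departments isolated
```

Because each department's key is derived from its own key pair and bound to the department name, a worker in one department cannot read another department's records without the hospital granting that key through the ACL check.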